Six Characteristics of a Consolidated D3P 17a-4: A FINRA Small Business Guide

Introduction

FINRA small businesses cannot spend thousands of dollars a year trying to comply with SEC rule 17a-4; they must continually find ways to keep this cost as low as possible, and one way is to use a Consolidated D3P Service (designated third party).

However, too often, RIA brokers and investment banks are forced to use multiple providers to help them meet all of the 17a-4 requirements. For example, they must hire a provider for email archiving, one to back up their books and records, and another to act as their D3P and provide disaster recovery. Because of this, they eventually end up paying too much and making the entire compliance process more complex than it needs to be.

A Consolidated Designated Third Party or D3P is a solution offered by a single provider, priced at a fixed monthly fee that contains everything you need to comply with electronic records filing rule 17a-4. This means that the D3P chosen by the FINRA company, such as a stockbroker, performs the backup and archiving of actual data and performs all other necessary functions as a designated third-party download service. By using this type of provider, the entire compliance process is simplified, making audits easier to pass with a great reduction in the cost of compliance. However, when looking for this type of provider, FINRA companies should ensure that six key features are included.

Six characteristics of a consolidated D3P service 17a-4:

1. Email archiving. First, the Consolidated D3P will do the email archiving. This is important because during the FINRA electronic records request, it is the first thing auditors will want to see as part of the 17a-4 electronic records monitoring process. However, the current problem is that email is very dispersed; businesses now use cloud services, internal email systems, and mobile devices to access their messages. Therefore, as part of the D3P service, a provider must be able to connect to all these various systems, take a copy of the messages, and store them in a compatible way.

In addition, it is important that the email archiving provider can also offer advanced email hosting features to customers. For example, D3P’s email service should also include virus / spam filtering, encryption, mobile device coverage, and full web-based search capabilities with hosted Microsoft Exchange included.

2. Archive of books and records. Once a full email archiving process has been implemented, FINRA members must ensure that the data contained in the books and records is properly archived with the D3P. The difficulty here is that the data from books and records is contained in the company in many different formats, such as Office documents, scanned files, databases and branches, or is uploaded to the cloud. The key here is also to make sure that all of this data is easily stored in a SEC format that complies with the SEC 17a-4 electronic records archiving rules.

Therefore, the D3P must have an automated method to connect to all these various systems and make a copy of the data stored on them so that it can be transferred to 17a-4 compliant storage. In addition, the D3P also has to offer the FINRA firm some additional features to achieve the ongoing supervision rule of 17a-4:

  • Daily alerts and reports. Compliance officers and key personnel should receive regular reports of the data archiving process conducted by D3P. Reports, as well as regular emails showing what data has been archived, will form a critical part of the FINRA firm’s oversight process so that it can be proven to regulators during an audit.
  • Sample data sets. Similar to email, regulators will request a sample data set contained in the company’s books and records. FINRA firms, such as stockbrokers, will be asked to provide a sample of the data that is on file with the D3P; this should be a simple process that compliance officers perform themselves during an audit.
  • Secure consolidated access. The D3P should also have a secure consolidated web interface that compliance officers and other key personnel can use to search and download sample data sets to their computers so that they can make copies of this data to a DVD that can be delivered to auditors when requested.

3. Disaster recovery. Because the D3P is backing up and archiving critical systems and other electronic records, it must also perform disaster recovery as required by the FINRA firm’s business continuity plan regulation. However, because they need to fully outsource their disaster recovery, FINRA small businesses need to ensure that the D3P disaster recovery process contains a few key elements.

For example, critical systems and data must be available 48 hours after a disaster. Additionally, as part of the company’s business continuity planning process, FINRA will want three main areas covered. First, the health of critical systems must be protected. Systems health enables full systems restoration so that applications and their settings can be easily transferred to new servers if current servers are completely destroyed. Second, any record on servers, PCs, mobile devices, or in the cloud must be recoverable at any time. And finally, the D3P must have a process in place to make emails available during a disaster, either via direct download or via secondary web access.

4. Supervision of electronic records. To ensure full compliance with SEC rule 17a-4, FINRA firms must have a tool to continuously monitor electronic records and be able to access their data file during an audit. Therefore, the D3P should include a secure web interface that gives compliance officers and other key employees the ability to access and download electronic records to their hard drives so that regulators can make sample copies of the data on the spot. Additionally, this monitoring tool should have built-in automatic indexing so that searches can be performed quickly and all data is included to provide full seven-year access to data as required by SEC rule 17a-4 for compliance with FINRA’s electronic record retention.

5. The third-party downloader 17a-4. As part of its service, the D3P must be able to access the FINRA signature data file. In addition, they need to download any data in a format that auditors can read. This is critical because archiving data as required by SEC rule 17a-4 can be a complex technical task in which auditors do not want firms to miss the mark, so they must rely on a secondary third party that has the technology to offer FINRA firms, such as stockbrokers, the ability to properly outsource the archive of electronic records so that they are retained and accessible in their original format.

6. Documentation. As their final obligation, the D3P must provide four compliance documents to their clients. They need to create: (1) a service level agreement, (2) the third-party storage provider letter 17a-4, (3) the stockbroker’s letter 17a-4, and (4) a document describing its disaster recovery procedures.

Summary

Choosing a provider that offers a consolidated D3P service is one of the best ways for FINRA small businesses to simplify compliance with SEC rule 17a-4 and keep its cost as low as possible. However, it is important that they understand the key requirements that need to be included in the solution because, in the end, the goal is to pass FINRA audits effectively while avoiding unnecessary fines and therefore keeping the highest level of customer confidence at all times.

November 16, 2014
